Abstract:

Once implemented, a Client Registry is considered to be the authoritative source of patient demographic information throughout a jurisdiction. This makes it an important foundational element of the Electronic Health Record and a key element for study in any Health Informatics program. This past summer the author spent his internship at the Nova Scotia Department of Health working with a team which, in partnership with Canada Health Infoway, performed detailed planning for the implementation of a prvince wide Client Registry. Acting as the Privacy Lead for the team, the author conducted a Privacy Impact Assessment for the Client Registry which identified two key implementation issues. The author also contributed research on best practices in Data Quality Assessment and Data Cleansing, offered an approach to ‘seeding’ the Client Registry with data from stakeholder systems, and aided with the Use Case analysis of the processes underlying the use of the Client Registry. All documents generated by the author were submitted to Canada Health Infoway for their approval, as part of the requirements of the project. While conducting the Privacy Impact Assessment, the author identified an opportunity for improvement in the handling of log files generated by Client Registry stakeholder systems. A high-level solution architecture is offered, based upon an established Intrusion Detection System model. The author proposes using Data Mining techniques to analyze system log files looking for abnormal user behaviour (anomaly detection) as an indication of a breach of privacy.